5 research outputs found

    System Level LET with Application to Automotive Design

    The logical execution time (LET) programming model has been applied in the automotive industry to master multicore programming of large task systems with complex dependencies. Recent developments in electric powertrains and autonomous vehicle functions raise parallel programming from the multicore level to the vehicle level where the requirements for LET application do not hold any more. This paper introduces System Level LET (SL LET), an extension of LET with relaxed synchronization requirements. While related extensions have been proposed for specific scheduling and communication models before, SL LET can be used with a variety of scheduling algorithms and communication semantics. Furthermore, it can be applied to systems with combinations of LET and other programming models. Yet, SL LET allows end-to-end timing guarantees and preserves essential LET properties required for automotive systems. For illustration, we apply the model to an electric vehicle use case

    Deterministic Design and Implementation of Distributed Systems through System-Level Logical Execution Time

    The way software for safety-critical cyber-physical systems (CPSs) is developed has evolved fundamentally, regardless of whether it is an automated vehicle or a robot in a factory. This trend comprises the utilization of agile development paradigms, as well as the introduction of heterogeneous hardware/software architectures and distributed functions. On the other hand, there is the fact that we demand a safe operation of such CPSs in our everyday life. Technically speaking, our requirement for determinism in timing and data-flow of safety-critical cause-effect chains persists unchanged. As a result, we face new challenges in our design process. First, there is a significant flexibility in runtime behavior of both computation and communication due to the underlying hardware/software platform. Second, the CPS is not static anymore but undergoes frequent updates and modifications. To mitigate the increased complexity, model-based approaches which are capable of providing a degree of robustness to a modified timing behavior are needed. At the same time, the design has to be composable to reduce development costs. Limited to the scope of a single component, the Logical Execution Time (LET) paradigm is a promising candidate for such an abstraction of the runtime behavior and its applicability and benefits have already been demonstrated in the automotive domain. In this thesis, I extend the idea of a logical timing abstraction to the system level, enabling an efficient design of distributed CPS software, where robustness towards platform changes plays a key role. While LET implies major restrictions in terms of latencies and is not suited for distributed communication, System-Level Logical Execution Time (SL-LET) is capable of abstracting communication with distributed clocks as well as pipelined execution, where latencies are far larger than the period.
I demonstrate that SL-LET can play its key strengths especially for complex systems with dependent cause-effect chains, where it effectively solves the problem of data-age deviation. SL-LET can be further used to improve the architecture of an Ethernet-based communication stack. It thereby allows the introduction of a lightweight filter-stack that separates critical from non-critical traffic, while preserving the full stack functionality for non-critical traffic. Contrary to expectation, the determinism gained by SL-LET permits an efficient implementation that enables significantly lower end-to-end latencies for critical traffic. As a result, SL-LET programming reduces rather than extends latencies.
The way software for safety-critical cyber-physical systems (CPSs) is developed has changed fundamentally. This trend comprises the use of agile development methods as well as the introduction of heterogeneous HW/SW architectures and distributed functions. At the same time, we continue to demand safe operation of such systems in our everyday life. Technically speaking, this means a requirement for determinism in the timing and data flow of safety-critical cause-effect chains. This leads to new challenges in the design process. First, there is considerable jitter in runtime behavior due to the underlying HW/SW platform. This affects both the pure execution time on a processor and the communication time in a network. Second, the system is no longer static but is subject to constant updates. To master the complexity, model-based approaches are needed that offer robustness to changed timing behavior and at the same time enable component-based design. For non-distributed systems, the Logical Execution Time (LET) paradigm offers a promising way to abstract the runtime behavior. Its feasibility and benefits have already been demonstrated in the automotive domain. In this thesis, I extend the idea of a logical timing abstraction to the system level in order to enable efficient design of distributed CPS software. Here, robustness to changes caused by updates plays a key role. While LET entails considerable restrictions with regard to latencies and is not suited for distributed systems, System-Level Logical Execution Time (SL-LET) is able to abstract communication in a distributed system with synchronized clocks as well as the execution of processing pipelines. I show that SL-LET can play to its strengths especially in complex systems with dependent cause-effect chains, where it effectively solves the problem of data-age deviation when combining different input data. SL-LET can also be used to improve the architecture of an Ethernet-based communication stack. This allows a lightweight filter stack to be introduced that separates critical from non-critical traffic, while full functionality is retained for non-critical traffic. Contrary to expectations, the determinism gained by SL-LET allows a more efficient implementation that enables significantly lower end-to-end latencies for critical traffic. As a result, programming with SL-LET tends to reduce rather than extend latencies

    AUTOtech.agil: architecture and technologies for orchestrating automotive agility

    Future mobility will be electrified, connected and automated. This opens completely new possibilities for mobility concepts that have the chance to improve not only the quality of life but also road safety for everyone. To achieve this, a transformation of the transportation system as we know it today is necessary. The UNICARagil project, which ran from 2018 to 2023, has produced architectures for driverless vehicles that were demonstrated in four full-scale automated vehicle prototypes for different applications. The AUTOtech.agil project builds upon these results and extends the system boundaries from the vehicles to include the whole intelligent transport system (ITS) comprising, e.g., roadside units, coordinating instances and cloud backends. The consortium was extended mainly by industry partners, including OEMs and tier 1 suppliers with the goal to synchronize the concepts developed in the university-driven UNICARagil project with the automotive industry. Three significant use cases of future mobility motivate the consortium to develop a vision for a Cooperative Intelligent Transport System (C-ITS), in which entities are highly connected and continually learning. The proposed software ecosystem is the foundation for the complex software engineering task that is required to realize such a system. Embedded in this ecosystem, a modular kit of robust service-oriented modules along the effect chain of vehicle automation as well as cooperative and collective functions are developed. The modules shall be deployed in a service-oriented E/E platform. In AUTOtech.agil, standardized interfaces and development tools for such platforms are developed. Additionally, the project focuses on continuous uncertainty consideration expressed as quality vectors. A consistent safety and security concept shall pave the way for the homologation of the researched ITS